An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | 3.16-community | noarch | libtar | = 1.2.20-r0 | UNKNOWN |
Alpine | 3.17-community | noarch | libtar | = 1.2.20-r0 | UNKNOWN |
Alpine | 3.18-community | noarch | libtar | = 1.2.20-r0 | UNKNOWN |